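def GET(self):
    """Export a project with its hosts, vulnerabilities and comments to a .proj file.

    Reads the ``id`` request parameter, loads the project and its hosts with
    ``tmp=0``, removes the database keys from the records and writes the
    result as JSON to ``static/tmp/<project name>.proj`` (spaces in the name
    become underscores). Nothing is written when the project is not found.

    Raises:
        web.internalerror: if ``id`` is missing or not an integer, if the
            project name would put the file outside ``static/tmp``, or if
            the file cannot be written.
    """
    params = web.input()
    try:
        projectid = int(params.id)
    except (ValueError, AttributeError):
        raise web.internalerror("parameter error.")

    project = Project.getraw(projectid)
    if project:
        hosts = Host.where(project_id=projectid, tmp=0).getsraw()
        for host in hosts:
            host['vuls'] = Vul.where(host_id=host['id']).getsraw(
                'name', 'url', 'info', 'type', 'level', 'description')
            host['comments'] = Comment.where(host_id=host['id']).getsraw(
                'name', 'url', 'info', 'level', 'description')
            # Database keys are local to this installation; drop them.
            del host['id']
            del host['tmp']
            del host['project_id']
        project['hosts'] = hosts
        del project['id']

        projectName = "_".join(project['name'].split(" "))
        exportDir = os.path.join("static", "tmp")
        projectFile = os.path.join(exportDir, projectName + ".proj")
        # The name comes from the stored project record. A name holding a
        # path separator (or an absolute path) would otherwise place the
        # export outside static/tmp, so require the file to sit directly
        # in the export directory.
        if os.path.dirname(os.path.abspath(projectFile)) != os.path.abspath(exportDir):
            raise web.internalerror("invalid project name.")
        # NOTE(review): the export holds the project's findings and lands
        # under static/, which is presumably web-served -- confirm access
        # control and cleanup of this directory.
        try:
            with open(projectFile, 'w') as fd:
                json.dump(project, fd)
        except IOError:
            raise web.internalerror("save imported project failed")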
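def GET(self):
    """Export a project with its hosts, vulnerabilities and comments to a .proj file.

    Reads the ``id`` request parameter, loads the project and its hosts with
    ``tmp=0``, removes the database keys from the records and writes the
    result as JSON to ``static/tmp/<project name>.proj`` (spaces in the name
    become underscores). Nothing is written when the project is not found.

    Raises:
        web.internalerror: if ``id`` is missing or not an integer, if the
            project name would put the file outside ``static/tmp``, or if
            the file cannot be written.
    """
    params = web.input()
    try:
        projectid = int(params.id)
    except (ValueError, AttributeError):
        raise web.internalerror("parameter error.")

    project = Project.getraw(projectid)
    if project:
        hosts = Host.where(project_id=projectid, tmp=0).getsraw()
        for host in hosts:
            host['vuls'] = Vul.where(host_id=host['id']).getsraw(
                'name', 'url', 'info', 'type', 'level', 'description')
            host['comments'] = Comment.where(host_id=host['id']).getsraw(
                'name', 'url', 'info', 'level', 'description')
            # Database keys are local to this installation; drop them.
            del host['id']
            del host['tmp']
            del host['project_id']
        project['hosts'] = hosts
        del project['id']

        projectName = "_".join(project['name'].split(" "))
        exportDir = os.path.join("static", "tmp")
        projectFile = os.path.join(exportDir, projectName + ".proj")
        # The name comes from the stored project record. A name holding a
        # path separator (or an absolute path) would otherwise place the
        # export outside static/tmp, so require the file to sit directly
        # in the export directory.
        if os.path.dirname(os.path.abspath(projectFile)) != os.path.abspath(exportDir):
            raise web.internalerror("invalid project name.")
        # NOTE(review): the export holds the project's findings and lands
        # under static/, which is presumably web-served -- confirm access
        # control and cleanup of this directory.
        try:
            with open(projectFile, 'w') as fd:
                json.dump(project, fd)
        except IOError:
            raise web.internalerror("save imported project failed")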
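def GET(self):
    """Delete the comment named by the ``id`` parameter, plus its attachment file.

    Returns:
        jsonFail() when no comment matches, jsonSuccess() after removal.

    Raises:
        web.internalerror: on a missing parameter, a FieldError, or a
            WIPError (logged) while loading the comment.
    """
    params = web.input()
    try:
        comment = Comment.get(params.id.strip())
    except AttributeError:
        raise web.internalerror("Missing parameter.")
    except FieldError as error:
        raise web.internalerror(error)
    except WIPError as error:
        RTD.log.error(error)
        raise web.internalerror("Internal ERROR!")

    if not comment:
        return jsonFail()

    # delete attachment
    if comment.attachment:
        attachDir = os.path.abspath(os.path.join("static", "attachment"))
        attachPath = os.path.abspath(
            os.path.join(attachDir, comment.attachment))
        # The attachment name is stored data that may originate from request
        # or imported content, so only unlink a regular file that sits
        # directly inside the attachment directory.
        if os.path.dirname(attachPath) == attachDir and os.path.isfile(attachPath):
            os.remove(attachPath)
    comment.remove()
    return jsonSuccess()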
def POST(self):
    """Run the installation step: create working directories and the database.

    Creates the ``log``, ``static/attachment``, ``static/tmp``, ``data`` and
    ``data/database`` directories when absent, validates the ``dbname``
    parameter, stores it in the configuration, creates the database and marks
    the configuration as installed.

    Returns:
        jsonSuccess() on completion.

    Raises:
        web.internalerror: on an invalid parameter, a configuration error,
            or a database creation error.
    """
    originParams = web.input()
    options = (("dbname", "string", "1-50"),)

    # "data" precedes "data/database" because os.mkdir creates one level only.
    requiredDirs = (
        "log",
        os.path.join("static", "attachment"),
        os.path.join("static", "tmp"),
        "data",
        os.path.join("data", "database"),
    )
    for dirPath in requiredDirs:
        if not os.path.exists(dirPath):
            os.mkdir(dirPath)

    try:
        params = formatParam(originParams, options)
    except ParamError as error:
        raise web.internalerror("Parameter error, {0}.".format(error))

    # NOTE(review): the name is presumably used as a file name under
    # data/database -- confirm formatParam rejects path separators.
    try:
        CONF.db.name = str(params.dbname)
    except WIPError as error:
        raise web.internalerror("Configure file parse error.")

    try:
        Database.create()
    except DBError as error:
        raise web.internalerror("Databae creating error," + str(error))

    CONF.isinstall = True
    CONF.save()
    return jsonSuccess()
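def POST(self):
    """Store an uploaded attachment on disk and record it as a comment on a host.

    The stored file name is ``<hostid>_<timestamp>_<name><ext>`` when a
    ``name`` is given (``ext`` taken from the uploaded file name), otherwise
    ``<hostid>_<timestamp>_<uploaded file name>``. The file is written to
    ``static/attachment`` and a level-3 Comment pointing at it is saved.

    Returns:
        True on success.

    Raises:
        web.internalerror: on invalid parameters, a failed file write, or a
            model error while building or saving the comment.
    """
    originParams = web.input(attachment={})
    originParams["filename"] = originParams.attachment.filename
    originParams["value"] = originParams.attachment.value
    options = (
        ("hostid", "integer", "0-0"),
        ("filename", "string", "1-200"),
        ("name", "string", "0-200"),
        ("value", "text", ""),
    )
    try:
        params = formatParam(originParams, options)
    except ParamError as error:
        raise web.internalerror("Parameter error, {0}.".format(error))

    hostID = params.hostid
    # Both names are supplied by the client. Keep only the final path
    # component (either separator style) so the stored file cannot resolve
    # outside static/attachment.
    attachName = params.name.replace("\\", "/").split("/")[-1]
    attachFilename = params.filename.replace("\\", "/").split("/")[-1]

    fileCTime = time.strftime("%Y-%m-%d-%H%M%S", time.localtime())
    fileNamePrefix = "{0}_{1}".format(hostID, fileCTime)
    if attachName != "":
        attachType = os.path.splitext(attachFilename)[-1]
        fileName = u"{0}_{1}{2}".format(fileNamePrefix, attachName, attachType)
    else:
        fileName = u"{0}_{1}".format(fileNamePrefix, attachFilename)
    fileNameFull = os.path.join("static", "attachment", fileName)
    # NOTE(review): the extension is client-chosen and the file lands under
    # static/ -- confirm the server only ever serves these as inert
    # downloads and never executes them.

    try:
        comment = Comment(name=fileName, url="", info="", level=3,
                          attachment=fileName,
                          description="attachment:" + fileName,
                          host_id=hostID)
    except WIPError as error:
        RTD.log.error(error)
        raise web.internalerror("Internal ERROR!")

    # A context manager replaces the old try/finally, whose fd.close() hit an
    # unbound name whenever open() itself failed and masked the real error.
    try:
        with open(fileNameFull, "wb") as fd:
            fd.write(params.value)
    except IOError:
        raise web.internalerror('Write attachment file failed!')

    try:
        comment.save()
    except FieldError as error:
        RTD.log.error(error)
        raise web.internalerror(error)
    except WIPError as error:
        RTD.log.error(error)
        raise web.internalerror("Internal ERROR!")

    return True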
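def POST(self):
    """Store an uploaded attachment on disk and record it as a comment on a host.

    The stored file name is ``<hostid>_<timestamp>_<name><ext>`` when a
    ``name`` is given (``ext`` taken from the uploaded file name), otherwise
    ``<hostid>_<timestamp>_<uploaded file name>``. The file is written to
    ``static/attachment`` and a level-3 Comment pointing at it is saved.

    Returns:
        True on success.

    Raises:
        web.internalerror: on invalid parameters, a failed file write, or a
            model error while building or saving the comment.
    """
    originParams = web.input(attachment={})
    originParams["filename"] = originParams.attachment.filename
    originParams["value"] = originParams.attachment.value
    options = (
        ("hostid", "integer", "0-0"),
        ("filename", "string", "1-200"),
        ("name", "string", "0-200"),
        ("value", "text", ""),
    )
    try:
        params = formatParam(originParams, options)
    except ParamError as error:
        raise web.internalerror("Parameter error, {0}.".format(error))

    hostID = params.hostid
    # Both names are supplied by the client. Keep only the final path
    # component (either separator style) so the stored file cannot resolve
    # outside static/attachment.
    attachName = params.name.replace("\\", "/").split("/")[-1]
    attachFilename = params.filename.replace("\\", "/").split("/")[-1]

    fileCTime = time.strftime("%Y-%m-%d-%H%M%S", time.localtime())
    fileNamePrefix = "{0}_{1}".format(hostID, fileCTime)
    if attachName != "":
        attachType = os.path.splitext(attachFilename)[-1]
        fileName = u"{0}_{1}{2}".format(fileNamePrefix, attachName, attachType)
    else:
        fileName = u"{0}_{1}".format(fileNamePrefix, attachFilename)
    fileNameFull = os.path.join("static", "attachment", fileName)
    # NOTE(review): the extension is client-chosen and the file lands under
    # static/ -- confirm the server only ever serves these as inert
    # downloads and never executes them.

    try:
        comment = Comment(name=fileName, url="", info="", level=3,
                          attachment=fileName,
                          description="attachment:" + fileName,
                          host_id=hostID)
    except WIPError as error:
        RTD.log.error(error)
        raise web.internalerror("Internal ERROR!")

    # A context manager replaces the old try/finally, whose fd.close() hit an
    # unbound name whenever open() itself failed and masked the real error.
    try:
        with open(fileNameFull, "wb") as fd:
            fd.write(params.value)
    except IOError:
        raise web.internalerror('Write attachment file failed!')

    try:
        comment.save()
    except FieldError as error:
        RTD.log.error(error)
        raise web.internalerror(error)
    except WIPError as error:
        RTD.log.error(error)
        raise web.internalerror("Internal ERROR!")

    return True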
def POST(self):
    """Parse the submitted ``domain`` and start a service-identification task for it.

    The lower-cased ``domain`` may carry an ``http://`` or ``https://``
    prefix and a trailing ``:port``. Protocol defaults to ``http`` and port
    to 80 when not given. The resulting Host is passed to a
    ``ServiceIdentifyPlugin | DataSavePlugin`` task.

    Returns:
        jsonSuccess() after the task has been started.

    Raises:
        web.internalerror: on invalid parameters or a scheme other than
            http/https.
    """
    web.header('Content-Type', 'application/json')
    originParams = web.input()
    options = (
        ("domain", "string", "1-200"),
        ("type", "integer", "0-3"),
        ("project_id", "integer", ""),
    )
    try:
        params = formatParam(originParams, options)
    except ParamError as error:
        raise web.internalerror("Parameter error, {0}.".format(error))

    domain = params.domain.lower()
    protocol = ""
    port = None

    # resolve protocol: a known scheme is stripped and sets its default port
    for scheme, defaultPort in (("http", 80), ("https", 443)):
        prefix = scheme + "://"
        if domain.startswith(prefix):
            protocol, port = scheme, defaultPort
            domain = domain[len(prefix):]
            break
    else:
        if "://" in domain:
            raise web.internalerror("unrecognized protocol, should be 'http' or 'https'.")

    # resolve port: text after the last colon, when it parses as an integer;
    # the colon and what follows are cut from the host either way
    pos = domain.rfind(":")
    if pos != -1:
        try:
            port = int(domain[pos + 1:])
        except ValueError:
            pass
        domain = domain[:pos]

    protocol = protocol or "http"
    port = port or 80

    task = ServiceIdentifyPlugin(ptype=int(params.type)) | DataSavePlugin(projectid=params.project_id)
    host = Host(url=domain, protocol=protocol, port=port)
    task.dostart([host])
    return jsonSuccess()
def POST(self):
    """Parse the submitted ``domain`` and start a service-identification task for it.

    The lower-cased ``domain`` may carry an ``http://`` or ``https://``
    prefix and a trailing ``:port``. Protocol defaults to ``http`` and port
    to 80 when not given. The resulting Host is passed to a
    ``ServiceIdentifyPlugin | DataSavePlugin`` task.

    Returns:
        jsonSuccess() after the task has been started.

    Raises:
        web.internalerror: on invalid parameters or a scheme other than
            http/https.
    """
    web.header('Content-Type', 'application/json')
    originParams = web.input()
    options = (
        ("domain", "string", "1-200"),
        ("type", "integer", "0-3"),
        ("project_id", "integer", ""),
    )
    try:
        params = formatParam(originParams, options)
    except ParamError as error:
        raise web.internalerror("Parameter error, {0}.".format(error))

    domain = params.domain.lower()
    protocol = ""
    port = None

    # resolve protocol: a known scheme is stripped and sets its default port
    for scheme, defaultPort in (("http", 80), ("https", 443)):
        prefix = scheme + "://"
        if domain.startswith(prefix):
            protocol, port = scheme, defaultPort
            domain = domain[len(prefix):]
            break
    else:
        if "://" in domain:
            raise web.internalerror(
                "unrecognized protocol, should be 'http' or 'https'.")

    # resolve port: text after the last colon, when it parses as an integer;
    # the colon and what follows are cut from the host either way
    pos = domain.rfind(":")
    if pos != -1:
        try:
            port = int(domain[pos + 1:])
        except ValueError:
            pass
        domain = domain[:pos]

    protocol = protocol or "http"
    port = port or 80

    task = ServiceIdentifyPlugin(ptype=int(params.type)) | DataSavePlugin(
        projectid=params.project_id)
    host = Host(url=domain, protocol=protocol, port=port)
    task.dostart([host])
    return jsonSuccess()
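def GET(self):
    """Delete the host whose numeric ``id`` is given in the request.

    Returns:
        jsonSuccess() once Host.delete has run.

    Raises:
        web.internalerror: if ``id`` is missing or not an integer, or if
            Host.delete fails with one of the handled model/database errors.
    """
    web.header('Content-Type', 'application/json')
    params = web.input()
    try:
        # Round-trip through int() so only a plain integer reaches Host.delete.
        hid = str(int(params.id))
    except (AttributeError, ValueError) as error:
        # ValueError covers a non-numeric id, which previously escaped this
        # handler without being logged.
        RTD.log.error(error)
        raise web.internalerror(error)

    try:
        Host.delete(hid)
    except (KeyError, AttributeError, FieldError, ModelError, DBError) as error:
        RTD.log.error(error)
        raise web.internalerror(error)

    return jsonSuccess()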
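def POST(self):
    """Import a project from an uploaded JSON project file.

    The file is expected to hold a project object with an optional ``hosts``
    list; each host may carry ``vuls`` and ``comments`` lists. The project,
    its hosts and their vulnerabilities and comments are saved in that order,
    with the new database ids filled in.

    Returns:
        jsonSuccess() after all records are saved.

    Raises:
        web.internalerror: if the upload is missing, is not a JSON object,
            or the project cannot be inserted.
    """
    web.header('Content-Type', 'application/json')
    params = web.input(projectfile={})
    try:
        fileStr = params.projectfile.value
    except AttributeError:
        raise web.internalerror("Missing parameter.")

    # The file content is untrusted: reject anything that is not a JSON
    # object instead of failing later with an unrelated exception.
    try:
        projectDict = json.loads(fileStr)
    except ValueError:
        raise web.internalerror("Invalid project file.")
    if not isinstance(projectDict, dict):
        raise web.internalerror("Invalid project file.")

    hosts = projectDict.pop("hosts", [])
    # NOTE(review): the remaining keys are passed to the models as-is, so
    # every stored field is whatever the file says. Consider whitelisting
    # fields per model; code that later uses them (for example attachment
    # file names) must treat them as untrusted.
    try:
        Project(**projectDict).save()
    except DBError as error:
        raise web.internalerror("failed to insert project " + str(error))
    projectid = Project.where(
        name=projectDict.get('name')).getsraw('id')[0]['id']

    for host in hosts:
        # pop() removes each key independently. The old paired ``del`` left
        # 'comments' inside the host record whenever 'vuls' was absent.
        vuls = host.pop("vuls", [])
        comments = host.pop("comments", [])
        host['project_id'] = projectid
        Host(**host).save()
        # Look the saved host up again by its identifying fields to get its id.
        kwargs = {
            key: host[key]
            for key in ['url', 'ip', 'port'] if key in host
        }
        hostid = Host.where(**kwargs).getsraw('id')[0]['id']
        for vul in vuls:
            vul['host_id'] = hostid
            Vul(**vul).save()
        for comment in comments:
            comment['host_id'] = hostid
            Comment(**comment).save()

    return jsonSuccess()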
def _wrapper(*args, **kwargs):
    """Call ``func`` and turn its known exceptions into web.internalerror.

    Every handled exception is logged through ``RTD.log.error`` first.
    KeyError/AttributeError are reported as a missing parameter, FieldError
    is passed through as the error body, ModelError/DBError are reported as
    a generic internal error.
    """
    try:
        result = func(*args, **kwargs)
    except (KeyError, AttributeError) as error:
        RTD.log.error(error)
        raise web.internalerror("Missing parameter.")
    except FieldError as error:
        RTD.log.error(error)
        raise web.internalerror(error)
    except (ModelError, DBError) as error:
        # Details stay in the log; the client only sees a generic message.
        RTD.log.error(error)
        raise web.internalerror("Internal ERROR!")
    return result
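def POST(self):
    """Import a project from an uploaded JSON project file.

    The file is expected to hold a project object with an optional ``hosts``
    list; each host may carry ``vuls`` and ``comments`` lists. The project,
    its hosts and their vulnerabilities and comments are saved in that order,
    with the new database ids filled in.

    Returns:
        jsonSuccess() after all records are saved.

    Raises:
        web.internalerror: if the upload is missing, is not a JSON object,
            or the project cannot be inserted.
    """
    web.header('Content-Type', 'application/json')
    params = web.input(projectfile={})
    try:
        fileStr = params.projectfile.value
    except AttributeError:
        raise web.internalerror("Missing parameter.")

    # The file content is untrusted: reject anything that is not a JSON
    # object instead of failing later with an unrelated exception.
    try:
        projectDict = json.loads(fileStr)
    except ValueError:
        raise web.internalerror("Invalid project file.")
    if not isinstance(projectDict, dict):
        raise web.internalerror("Invalid project file.")

    hosts = projectDict.pop("hosts", [])
    # NOTE(review): the remaining keys are passed to the models as-is, so
    # every stored field is whatever the file says. Consider whitelisting
    # fields per model; code that later uses them (for example attachment
    # file names) must treat them as untrusted.
    try:
        Project(**projectDict).save()
    except DBError as error:
        raise web.internalerror("failed to insert project "+str(error))
    projectid = Project.where(name=projectDict.get('name')).getsraw('id')[0]['id']

    for host in hosts:
        # pop() removes each key independently. The old paired ``del`` left
        # 'comments' inside the host record whenever 'vuls' was absent.
        vuls = host.pop("vuls", [])
        comments = host.pop("comments", [])
        host['project_id'] = projectid
        Host(**host).save()
        # Look the saved host up again by its identifying fields to get its id.
        kwargs = {key: host[key] for key in ['url', 'ip', 'port'] if key in host}
        hostid = Host.where(**kwargs).getsraw('id')[0]['id']
        for vul in vuls:
            vul['host_id'] = hostid
            Vul(**vul).save()
        for comment in comments:
            comment['host_id'] = hostid
            Comment(**comment).save()

    return jsonSuccess()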
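def POST(self):
    """Save an uploaded dictionary (wordlist) file.

    Only ``type`` 0 is accepted; the file is stored in
    ``data/wordlist/dnsbrute`` under the final component of its uploaded
    file name.

    Returns:
        jsonSuccess() after the file is written.

    Raises:
        web.internalerror: on a missing or malformed parameter, an
            unsupported ``type``, or a failed write.
    """
    web.header('Content-Type', 'application/json')
    params = web.input(dictfile={})
    try:
        fileName = params.dictfile.filename
        dtype = int(params.type)
    except (AttributeError, ValueError):
        raise web.internalerror("Missing parameter.")

    if dtype != 0:
        raise web.internalerror("dict type error.")

    # The file name is supplied by the client. Keep only its final path
    # component (either separator style) so the write cannot resolve outside
    # the wordlist directory, and refuse names that are empty or refer to a
    # directory.
    fileName = (fileName or "").replace("\\", "/").split("/")[-1]
    if fileName in ("", ".", ".."):
        raise web.internalerror("Missing parameter.")
    fileNameFull = os.path.join("data", "wordlist", "dnsbrute", fileName)

    # The context manager closes the handle, which the original left open.
    try:
        with open(fileNameFull, "w") as fd:
            fd.write(params.dictfile.value)
    except IOError:
        raise web.internalerror('Write dictfile failed!')

    return jsonSuccess()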
def POST(self):
    """Switch the configured database, creating it when it does not exist yet.

    The ``database`` parameter becomes ``CONF.db.name``. When no entry of
    that name exists in ``data/database`` the database is created; if
    creation fails the previous name is restored before the error is raised.

    Returns:
        jsonSuccess() after the configuration is saved.

    Raises:
        web.internalerror: on an invalid parameter or a creation failure.
    """
    web.header('Content-Type', 'application/json')
    originParams = web.input()
    options = (("database", "string", "1-50"),)
    try:
        params = formatParam(originParams, options)
    except ParamError as error:
        raise web.internalerror("Parameter error, {0}.".format(error))

    previousName = CONF.db.name
    CONF.db.name = str(params.database)
    # NOTE(review): the name is matched against directory entries, so it is
    # presumably used as a file name -- confirm formatParam's "string" check
    # rejects path separators.
    alreadyExists = params.database in os.listdir(
        os.path.join("data", "database"))
    if not alreadyExists:
        try:
            Database.create()
        except DBError as error:
            # Roll the in-memory setting back so a failed switch is not kept.
            CONF.db.name = previousName
            raise web.internalerror("Databae creating error," + str(error))

    CONF.save()
    return jsonSuccess()
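def POST(self):
    """Save an uploaded dictionary (wordlist) file.

    Only ``type`` 0 is accepted; the file is stored in
    ``data/wordlist/dnsbrute`` under the final component of its uploaded
    file name.

    Returns:
        jsonSuccess() after the file is written.

    Raises:
        web.internalerror: on a missing or malformed parameter, an
            unsupported ``type``, or a failed write.
    """
    web.header('Content-Type', 'application/json')
    params = web.input(dictfile={})
    try:
        fileName = params.dictfile.filename
        dtype = int(params.type)
    except (AttributeError, ValueError):
        raise web.internalerror("Missing parameter.")

    if dtype != 0:
        raise web.internalerror("dict type error.")

    # The file name is supplied by the client. Keep only its final path
    # component (either separator style) so the write cannot resolve outside
    # the wordlist directory, and refuse names that are empty or refer to a
    # directory.
    fileName = (fileName or "").replace("\\", "/").split("/")[-1]
    if fileName in ("", ".", ".."):
        raise web.internalerror("Missing parameter.")
    fileNameFull = os.path.join("data", "wordlist", "dnsbrute", fileName)

    # The context manager closes the handle, which the original left open.
    try:
        with open(fileNameFull, "w") as fd:
            fd.write(params.dictfile.value)
    except IOError:
        raise web.internalerror('Write dictfile failed!')

    return jsonSuccess()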
def POST(self):
    """Build a plugin chain for the submitted domain and start it.

    ``dictlist`` values are read from the raw request body (the field may
    repeat). The presence of the ``dnsbrute``, ``googlehacking`` and
    ``zonetrans`` parameters selects which plugins are combined;
    GoogleHackingPlugin is used when none is selected. The combination is
    then piped into ServiceIdentifyPlugin and DataSavePlugin.

    Returns:
        jsonSuccess() after the task has been started.

    Raises:
        web.internalerror: if ``project_id`` is missing or ``domain`` fails
            validation.
    """
    web.header('Content-Type', 'application/json')
    params = web.input()
    rawParam = web.data()
    try:
        projectid = int(params.project_id)
    except AttributeError as error:
        RTD.log.error(error)
        raise web.internalerror(error)

    # Collect every "dictlist=<value>" pair from the raw body.
    # NOTE(review): values are taken undecoded and are not validated here --
    # confirm how DnsBrutePlugin uses them.
    dictList = []
    for pair in rawParam.split("&"):
        fields = pair.split("=")
        if fields[0] == "dictlist":
            dictList.append(fields[1])

    options = (("domain", "url", ""),)
    try:
        domainParams = formatParam(params, options)
    except ParamError as error:
        raise web.internalerror("Parameter error, {0}.".format(error))

    requested = params.keys()
    task = DnsBrutePlugin(dictList) if "dnsbrute" in requested else None
    optionalPlugins = (
        ("googlehacking", GoogleHackingPlugin),
        ("zonetrans", ZoneTransPlugin),
    )
    for flag, pluginClass in optionalPlugins:
        if flag in requested:
            task = (task + pluginClass()) if task else pluginClass()
    if task is None:
        task = GoogleHackingPlugin()

    task = task | ServiceIdentifyPlugin() | DataSavePlugin(
        projectid=projectid)
    host = Host(url=domainParams.domain)
    task.dostart([host])
    return jsonSuccess()
def POST(self):
    """Build a plugin chain for the submitted domain and start it.

    ``dictlist`` values are read from the raw request body (the field may
    repeat). The presence of the ``dnsbrute``, ``googlehacking`` and
    ``zonetrans`` parameters selects which plugins are combined;
    GoogleHackingPlugin is used when none is selected. The combination is
    then piped into ServiceIdentifyPlugin and DataSavePlugin.

    Returns:
        jsonSuccess() after the task has been started.

    Raises:
        web.internalerror: if ``project_id`` is missing or ``domain`` fails
            validation.
    """
    web.header('Content-Type', 'application/json')
    params = web.input()
    rawParam = web.data()
    try:
        projectid = int(params.project_id)
    except AttributeError as error:
        RTD.log.error(error)
        raise web.internalerror(error)

    # Collect every "dictlist=<value>" pair from the raw body.
    # NOTE(review): values are taken undecoded and are not validated here --
    # confirm how DnsBrutePlugin uses them.
    dictList = []
    for pair in rawParam.split("&"):
        fields = pair.split("=")
        if fields[0] == "dictlist":
            dictList.append(fields[1])

    options = (("domain", "url", ""),)
    try:
        domainParams = formatParam(params, options)
    except ParamError as error:
        raise web.internalerror("Parameter error, {0}.".format(error))

    requested = params.keys()
    task = DnsBrutePlugin(dictList) if "dnsbrute" in requested else None
    optionalPlugins = (
        ("googlehacking", GoogleHackingPlugin),
        ("zonetrans", ZoneTransPlugin),
    )
    for flag, pluginClass in optionalPlugins:
        if flag in requested:
            task = (task + pluginClass()) if task else pluginClass()
    if task is None:
        task = GoogleHackingPlugin()

    task = task | ServiceIdentifyPlugin() | DataSavePlugin(projectid=projectid)
    host = Host(url=domainParams.domain)
    task.dostart([host])
    return jsonSuccess()
def POST(self):
    """Store the nmap path setting in the configuration.

    The literal value ``nmap`` is stored as None; any other value is stored
    as given.

    Returns:
        jsonSuccess() after the configuration is saved.

    Raises:
        web.internalerror: if ``nmappath`` fails validation.
    """
    originParams = web.input()
    options = (("nmappath", "string", "1-200"),)
    try:
        params = formatParam(originParams, options)
    except ParamError as error:
        raise web.internalerror("Parameter error, {0}.".format(error))

    # NOTE(review): this value presumably becomes the executable the
    # application launches for scans -- confirm the endpoint is restricted
    # to administrators and the path is checked before use.
    nmapPath = str(params.nmappath)
    if nmapPath == "nmap":
        CONF.nmap = None
    else:
        CONF.nmap = nmapPath
    CONF.save()
    return jsonSuccess()
def POST(self):
    """Run the installation step: create working directories and the database.

    Creates the ``log``, ``static/attachment``, ``static/tmp``, ``data`` and
    ``data/database`` directories when absent, validates the ``dbname``
    parameter, stores it in the configuration, creates the database and marks
    the configuration as installed.

    Returns:
        jsonSuccess() on completion.

    Raises:
        web.internalerror: on an invalid parameter, a configuration error,
            or a database creation error.
    """
    originParams = web.input()
    options = (("dbname", "string", "1-50"),)

    # "data" precedes "data/database" because os.mkdir creates one level only.
    requiredDirs = (
        "log",
        os.path.join("static", "attachment"),
        os.path.join("static", "tmp"),
        "data",
        os.path.join("data", "database"),
    )
    for dirPath in requiredDirs:
        if not os.path.exists(dirPath):
            os.mkdir(dirPath)

    try:
        params = formatParam(originParams, options)
    except ParamError as error:
        raise web.internalerror("Parameter error, {0}.".format(error))

    # NOTE(review): the name is presumably used as a file name under
    # data/database -- confirm formatParam rejects path separators.
    try:
        CONF.db.name = str(params.dbname)
    except WIPError as error:
        raise web.internalerror("Configure file parse error.")

    try:
        Database.create()
    except DBError as error:
        raise web.internalerror("Databae creating error,"+str(error))

    CONF.isinstall = True
    CONF.save()
    return jsonSuccess()
def POST(self):
    """Store the nmap path setting in the configuration.

    The literal value ``nmap`` is stored as None; any other value is stored
    as given.

    Returns:
        jsonSuccess() after the configuration is saved.

    Raises:
        web.internalerror: if ``nmappath`` fails validation.
    """
    originParams = web.input()
    options = (("nmappath", "string", "1-200"),)
    try:
        params = formatParam(originParams, options)
    except ParamError as error:
        raise web.internalerror("Parameter error, {0}.".format(error))

    # NOTE(review): this value presumably becomes the executable the
    # application launches for scans -- confirm the endpoint is restricted
    # to administrators and the path is checked before use.
    nmapPath = str(params.nmappath)
    if nmapPath == "nmap":
        CONF.nmap = None
    else:
        CONF.nmap = nmapPath
    CONF.save()
    return jsonSuccess()
def POST(self):
    """Switch the configured database, creating it when it does not exist yet.

    The ``database`` parameter becomes ``CONF.db.name``. When no entry of
    that name exists in ``data/database`` the database is created; if
    creation fails the previous name is restored before the error is raised.

    Returns:
        jsonSuccess() after the configuration is saved.

    Raises:
        web.internalerror: on an invalid parameter or a creation failure.
    """
    web.header('Content-Type', 'application/json')
    originParams = web.input()
    options = (("database", "string", "1-50"),)
    try:
        params = formatParam(originParams, options)
    except ParamError as error:
        raise web.internalerror("Parameter error, {0}.".format(error))

    previousName = CONF.db.name
    CONF.db.name = str(params.database)
    # NOTE(review): the name is matched against directory entries, so it is
    # presumably used as a file name -- confirm formatParam's "string" check
    # rejects path separators.
    alreadyExists = params.database in os.listdir(
        os.path.join("data", "database"))
    if not alreadyExists:
        try:
            Database.create()
        except DBError as error:
            # Roll the in-memory setting back so a failed switch is not kept.
            CONF.db.name = previousName
            raise web.internalerror("Databae creating error,"+str(error))

    CONF.save()
    return jsonSuccess()
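def GET(self):
    """Delete the comment named by the ``id`` parameter, plus its attachment file.

    Returns:
        jsonFail() when no comment matches, jsonSuccess() after removal.

    Raises:
        web.internalerror: on a missing parameter, a FieldError, or a
            WIPError (logged) while loading the comment.
    """
    params = web.input()
    try:
        comment = Comment.get(params.id.strip())
    except AttributeError:
        raise web.internalerror("Missing parameter.")
    except FieldError as error:
        raise web.internalerror(error)
    except WIPError as error:
        RTD.log.error(error)
        raise web.internalerror("Internal ERROR!")

    if not comment:
        return jsonFail()

    # delete attachment
    if comment.attachment:
        attachDir = os.path.abspath(os.path.join("static", "attachment"))
        attachPath = os.path.abspath(
            os.path.join(attachDir, comment.attachment))
        # The attachment name is stored data that may originate from request
        # or imported content, so only unlink a regular file that sits
        # directly inside the attachment directory.
        if os.path.dirname(attachPath) == attachDir and os.path.isfile(attachPath):
            os.remove(attachPath)
    comment.remove()
    return jsonSuccess()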
def GET(self):
    """Return the subnet list and the ``tmp=1`` hosts of a project as JSON.

    The response object has two keys: ``iplist`` (from ``self.getIPList``)
    and ``hosts`` (id, title, ip, port and protocol of each host with
    ``tmp=1``, ordered by ip).

    Raises:
        web.internalerror: if ``project_id`` is missing.
    """
    web.header('Content-Type', 'application/json')
    params = web.input()
    try:
        projectid = int(params.project_id)
    except AttributeError as error:
        RTD.log.error(error)
        raise web.internalerror(error)

    iplist = self.getIPList(projectid)
    hostQuery = Host.where(project_id=projectid, tmp=1).orderby("ip")
    hosts = hostQuery.getsraw('id', 'title', 'ip', 'port', 'protocol')
    return json.dumps({'iplist': iplist, 'hosts': hosts})
def GET(self):
    """Remove a host together with its vulnerabilities and comments.

    The ``id`` parameter must consist of digits only. Comment records are
    removed through ``remove()``; no attachment files are deleted here.

    Returns:
        jsonSuccess() after the host has been removed.

    Raises:
        web.internalerror: if ``id`` is not made of digits.
    """
    params = web.input()
    hostId = params.id.strip()
    if not hostId.isdigit():
        raise web.internalerror("Parameter type error.")

    host = Host.get(hostId)
    # Remove dependent records before the host itself.
    for vul in Vul.where(host_id=host.id).gets("id"):
        vul.remove()
    for comment in Comment.where(host_id=host.id).gets("id"):
        comment.remove()
    host.remove()
    return jsonSuccess()
def GET(self):
    """Return the subnet list and the ``tmp=1`` hosts of a project as JSON.

    The response object has two keys: ``iplist`` (from ``self.getIPList``)
    and ``hosts`` (id, title, ip, port and protocol of each host with
    ``tmp=1``, ordered by ip).

    Raises:
        web.internalerror: if ``project_id`` is missing.
    """
    web.header('Content-Type', 'application/json')
    params = web.input()
    try:
        projectid = int(params.project_id)
    except AttributeError as error:
        RTD.log.error(error)
        raise web.internalerror(error)

    iplist = self.getIPList(projectid)
    hostQuery = Host.where(project_id=projectid, tmp=1).orderby("ip")
    hosts = hostQuery.getsraw('id', 'title', 'ip', 'port', 'protocol')
    return json.dumps({'iplist': iplist, 'hosts': hosts})
def POST(self):
    """Start a subnet-scan task chain for the submitted ``iplist`` values.

    ``iplist`` values are read from the raw request body (the field may
    repeat) and each becomes a Host. The hosts go through
    ``SubnetScanPlugin | ServiceIdentifyPlugin(ptype=1) | DataSavePlugin``,
    the last one configured with ``tmp=1`` as a default value.

    Returns:
        jsonSuccess() after the task has been started.

    Raises:
        web.internalerror: if ``project_id`` is missing.
    """
    web.header('Content-Type', 'application/json')
    params = web.input()
    rawParam = web.data()
    try:
        projectid = int(params.project_id)
    except AttributeError as error:
        RTD.log.error(error)
        raise web.internalerror(error)

    # Collect every "iplist=<value>" pair from the raw body.
    # NOTE(review): values are taken undecoded and are not checked to be IP
    # addresses here -- confirm the plugins validate them.
    ipList = []
    for pair in rawParam.split("&"):
        fields = pair.split("=")
        if fields[0] == "iplist":
            ipList.append(fields[1])
    hosts = [Host(ip=address) for address in ipList]

    defaultValue = {"tmp": 1}
    task = SubnetScanPlugin() | ServiceIdentifyPlugin(ptype=1)
    task = task | DataSavePlugin(defaultValue=defaultValue, projectid=projectid)
    task.dostart(hosts)
    return jsonSuccess()
def getIPList(self, projectid):
    """Count a project's hosts per address prefix.

    Each host ``ip`` has the text after its last dot replaced by ``1``; the
    result is a list of ``[address, count]`` pairs in order of first
    appearance. Hosts whose ``ip`` is missing, not a string or has no dot
    are skipped.

    Raises:
        web.internalerror: if the host query fails with one of the handled
            errors (logged first).
    """
    try:
        hosts = Host.where(project_id=projectid).getsraw("ip")
    except (KeyError, AttributeError, FieldError, ModelError, DBError) as error:
        RTD.log.error(error)
        raise web.internalerror(error)

    result = []
    for host in hosts:
        try:
            address = host['ip']
            subnet = address[:address.rindex(".")] + ".1"
        except (KeyError, ValueError, AttributeError):
            continue
        # Bump the existing entry for this prefix, or start a new one.
        match = next((entry for entry in result if entry[0] == subnet), None)
        if match is None:
            result.append([subnet, 1])
        else:
            match[1] += 1
    return result
def POST(self):
    """Start a subnet-scan task chain for the submitted ``iplist`` values.

    ``iplist`` values are read from the raw request body (the field may
    repeat) and each becomes a Host. The hosts go through
    ``SubnetScanPlugin | ServiceIdentifyPlugin(ptype=1) | DataSavePlugin``,
    the last one configured with ``tmp=1`` as a default value.

    Returns:
        jsonSuccess() after the task has been started.

    Raises:
        web.internalerror: if ``project_id`` is missing.
    """
    web.header('Content-Type', 'application/json')
    params = web.input()
    rawParam = web.data()
    try:
        projectid = int(params.project_id)
    except AttributeError as error:
        RTD.log.error(error)
        raise web.internalerror(error)

    # Collect every "iplist=<value>" pair from the raw body.
    # NOTE(review): values are taken undecoded and are not checked to be IP
    # addresses here -- confirm the plugins validate them.
    ipList = []
    for pair in rawParam.split("&"):
        fields = pair.split("=")
        if fields[0] == "iplist":
            ipList.append(fields[1])
    hosts = [Host(ip=address) for address in ipList]

    defaultValue = {"tmp": 1}
    task = SubnetScanPlugin() | ServiceIdentifyPlugin(ptype=1)
    task = task | DataSavePlugin(defaultValue=defaultValue,
                                 projectid=projectid)
    task.dostart(hosts)
    return jsonSuccess()
def getIPList(self, projectid):
    """Count a project's hosts per address prefix.

    Each host ``ip`` has the text after its last dot replaced by ``1``; the
    result is a list of ``[address, count]`` pairs in order of first
    appearance. Hosts whose ``ip`` is missing, not a string or has no dot
    are skipped.

    Raises:
        web.internalerror: if the host query fails with one of the handled
            errors (logged first).
    """
    try:
        hosts = Host.where(project_id=projectid).getsraw("ip")
    except (KeyError, AttributeError, FieldError, ModelError,
            DBError) as error:
        RTD.log.error(error)
        raise web.internalerror(error)

    result = []
    for host in hosts:
        try:
            address = host['ip']
            subnet = address[:address.rindex(".")] + ".1"
        except (KeyError, ValueError, AttributeError):
            continue
        # Bump the existing entry for this prefix, or start a new one.
        match = next((entry for entry in result if entry[0] == subnet), None)
        if match is None:
            result.append([subnet, 1])
        else:
            match[1] += 1
    return result